CVE: CVE-2019-9201

Export to Word

Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories.

Threat-Mapped Scoring

Score: 3.0

Priority: P2 - Serious (High)

S1 – Steal Customer Account Information

EPSS

Score: 0.02009
Percentile: 0.82925

CVSS Scoring

CVSS v3.1 Score: 9.8

Severity: CRITICAL

Mapped CWE(s)

CWE-306 : Missing Authentication for Critical Function

All CAPEC(s)

CAPEC-12: Choosing Message Identifier
CAPEC-166: Force the System to Reset Values
CAPEC-216: Communication Channel Manipulation
CAPEC-36: Using Unpublished Interfaces or Functionality
CAPEC-62: Cross Site Request Forgery

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

cpe:2.3:o:phoenixcontact:ilc_131_eth_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:ilc_131_eth\/xc_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:ilc_151_eth_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:ilc_151_eth\/xc_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:ilc_171_eth_2tx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:ilc_191_eth_2tx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:ilc_191_me\/an_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:axc_1050_firmware:-:*:*:*:*:*:*:*

← Back to Home